---
# The SSH users created later in this file are added to this group
# (groups: algo), so it has to exist first.
- name: Ensure that the algo group exist
  group:
    state: present
    name: algo
# /var/jail/ is the parent of every per-user home directory used by the
# tasks in this file. It is owned by root:root and writable by root only.
- name: Ensure that the jail directory exist
  file:
    state: directory
    path: /var/jail/
    owner: root
    group: root
    # Quoted so the YAML parser hands Ansible the string "0755" rather than
    # a number it has re-interpreted.
    mode: "0755"
# One account per entry in `users`, each with a home under /var/jail/ and a
# freshly generated, passphrase-protected SSH key pair in that home's .ssh.
- name: Ensure that the SSH users exist
  user:
    state: present
    name: '{{ item }}'
    # append keeps any groups the account already has and adds "algo".
    groups: algo
    append: true
    home: "/var/jail/{{ item }}"
    createhome: true
    # /bin/false as the login shell: the account cannot get an interactive
    # shell session.
    shell: /bin/false
    generate_ssh_key: true
    # NOTE(review): 2048-bit RSA is the commonly accepted minimum size.
    # Later tasks in this file reference the id_rsa / id_rsa.pub paths, so
    # changing the key type means updating those paths as well.
    ssh_key_type: rsa
    ssh_key_bits: 2048
    ssh_key_comment: "{{ item }}@{{ IP_subject_alt_name }}"
    # The private key is encrypted with this passphrase. Judging by its
    # name the variable is shared with the p12 export -- TODO confirm that
    # reusing one secret for both is intended.
    ssh_key_passphrase: '{{ easyrsa_p12_export_password }}'
  with_items: '{{ users }}'
# authorized_keys is not a copy: it is a symlink to the public half of the
# key pair generated for the same user.
# NOTE(review): because of the link, whatever can rewrite id_rsa.pub also
# changes which key is accepted for login. Confirm the account has no write
# path into its own .ssh directory, and that sshd's ownership/permission
# checks accept a symlinked authorized_keys on the target platform.
- name: The authorized keys file created
  file:
    state: link
    src: "/var/jail/{{ item }}/.ssh/id_rsa.pub"
    dest: "/var/jail/{{ item }}/.ssh/authorized_keys"
    owner: '{{ item }}'
    # presumably a per-user group named after the account exists -- verify
    group: '{{ item }}'
  with_items: '{{ users }}'
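# Collect the SSH host keys published at IP_subject_alt_name and keep the
# command result in `ssh_fingerprints` for later tasks.
# NOTE(review): ssh-keyscan output is not authenticated by itself; how far
# it can be trusted depends on which host runs this task and over which
# network path, neither of which is visible in this file.
- name: Generate SSH fingerprints
  # stderr is discarded, so a failed scan shows up only as empty stdout in
  # the registered result.
  shell: >-
    ssh-keyscan {{ IP_subject_alt_name }} 2>/dev/null
  register: ssh_fingerprints
  # The scan only reads data, so it should not be reported as a change on
  # every run.
  changed_when: false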
# Render known_hosts.j2 into a per-server known_hosts file under /root/.ssh.
# The template is not part of this file; presumably it consumes the
# `ssh_fingerprints` result registered by the keyscan task -- verify.
- name: The known_hosts file created
  template:
    src: known_hosts.j2
    dest: '/root/.ssh/{{ IP_subject_alt_name }}_known_hosts'
# Copy every user's private key from the server into configs/ on the machine
# running Ansible. flat stores the file at exactly `dest` instead of under a
# per-host directory tree.
# NOTE(review): this leaves private key material on the controller. The keys
# are passphrase-protected by the user task, but nothing here sets the
# permissions of the fetched files -- restrict access to configs/.
- name: Fetch users SSH private keys
  fetch:
    src: '/var/jail/{{ item }}/.ssh/id_rsa'
    dest: 'configs/{{ IP_subject_alt_name }}_{{ item }}.ssh.pem'
    flat: true
  with_items: '{{ users }}'
# Copy the rendered known_hosts file into configs/ on the machine running
# Ansible, next to the fetched private keys; flat stores it at exactly `dest`.
- name: Fetch the known_hosts file
  fetch:
    src: '/root/.ssh/{{ IP_subject_alt_name }}_known_hosts'
    dest: 'configs/{{ IP_subject_alt_name }}_known_hosts'
    flat: true